- Bank Web sites full of security holes
- SCO Group: Its future is all used up
- Maligned feature being added to IPv6
- I returned my iPhone 3G after six days!
- VPNs: Six burning questions
News | Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
Polled about their organization’s approaches to identity and access management, audit and compliance professionals in industry and government expressed a high level of frustration with how their IT and business management units are managing IAM.
Almost half (45%) of the 845 respondents questioned by the Ponemon Institute for the research study released today said their own organization does not effectively focus its IAM policies and controls on areas of business risk.
The compliance professionals, 68% of whom said IAM products were in use in their organizations, also expressed frustration that IT and business management groups weren’t collaborating well in deploying IAM.
“The compliance and audit folks think collaboration is important, but they acknowledge their companies’ shortfall in this area,” says Larry Ponemon, chairman and founder of the research firm, which focuses on privacy, data breach and security topics. The “Audit & Compliance Professionals: Survey on Identity Compliance” study released today by Ponemon was sponsored by SailPoint Technologies.
Access control, password management, user provisioning and role management constitute aspects of IAM that respondents said were used to meet such regulatory compliance requirements as the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act and privacy laws.
However, 65% of the professionals surveyed in the Ponemon study complained that “IT staff lacks understanding of risk management and compliance,” a drawback that made it difficult to implement IAM controls effectively. The IT department in most cases was deemed the most responsible for selecting, deploying and monitoring IAM products in the organization.
In addition, the poll reflected the opinion that IT departments and audit and business people often do not collaborate well on issues concerning IAM compliance. Of those polled, 61% said “there is no collaboration whatsoever” or “collaboration rarely occurs"; 25% called it “okay, but could be improved,” and 14% calling it “excellent.”
Ponemon said the results of the study indicate that according to the respondents, “the IT people don’t have an appreciation of audit and compliance, what the rules are, and don’t prioritize compliance. They think IT cares more about efficiency.”
He added a similar survey of IT people undertaken last February on the same topic showed the flip side of the coin, with IT professionals unhappy with audit and compliance professionals.
14 years ago, I dealt with somebody like Childs. I was the new manager and the veteran techie knew it...- Anonymous
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.
Download the white paper.
Unauthorized applications: Taking back control
Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?
Download the white paper.
Comment